Hello everyone. In order to meet a certain requirement, several of my sites must have a "separate router and firewall." The modem provided by the ISP does not meet the router requirement simply because it's owned by the ISP. We have already invested in FortiGate 60D routers, and we have VPN enabled on them, so a double-NATted connection is not really an option. What's worse is that there are Intrusion Protection and logging requirements, which we have solved using the FortiGate licensing, so it needs to be acting as the firewall.
I'm sure I could just get a router, configure a static route in it and put it in front of the FortiGate, but I don't see the point of it. Traffic would just pass straight through the router - it wouldn't be "routing" traffic; that's what the NAT firewall does.
Perhaps I'm missing something; has anybody had to meet this requirement before? Is it possible to have a separate NAT router with no firewall functions that then leads to a firewall and have it actually work? I would think this would stifle security due to the amount of control you would lose when it comes to the NAT itself.